Bitcoin Wallets and Exchanges: Haven for Cybercriminals?

It is widely known that Bitcoin has enjoyed immense popularity with underground crime markets because of the anonymity associated with financial transactions. Despite becoming mainstream for traditional businesses and everyday consumer commerce, crypto’s nefarious use remains strong, with ransomware and other criminal actors brazenly seeking to extort payment in bitcoin and underground markets now utilizing a variety of cryptocurrencies.

The mainstreaming of Bitcoin in particular, along with built-in mechanisms for ensuring a reasonable degree of scarcity, has dramatically driven up the value of the currency. Not surprisingly, threat actors are now looking at new ways of stealing bitcoins, including through sophisticated phishing schemes.

Recent insights from the cryptocurrency risk mitigation firm Proofpoint have revealed a major uptick in phishing schemes now targeting online wallets and exchanges for cryptocurrencies like bitcoin. These attacks are extremely sophisticated and often mimic similar attacks seen against a range of services like online banking, Dropbox, Google, etc. However, this targeting of bitcoin wallets offers new opportunities for cybercriminals, given that these forms of transactions are even harder to detect.

Here are a few additional insights:

Targets: Proofpoint observed a number of phishing templates and email lures that mimic online wallets like Blockchain.com and cryptocurrency exchanges like Poloniex.

Method: These templates attempt to steal wallet IDs and credentials that allow actors to conduct fraudulent transactions with third parties or withdraw funds directly.

Scope: With the rapid rise of Bitcoin, this trend indicates how large the cybercriminal opportunity is. In fact, Square released a report which found almost half of millennials have a digital wallet.

Here at BTCManager, we turned to Patrick Wheeler, Director of Threat Intelligence at Proofpoint, for some additional insights on what’s currently taking place in this space:

How Significant of an Issue Is the Emergence of These Phishing Schemes Targeting Bitcoin Wallets?

“The emergence of these phishing schemes targeting bitcoin wallets follows an overarching cybercrime trend: follow the money. The very features of Bitcoin that make it so popular, namely, that it’s largely anonymous, difficult to trace and not controlled by any government or financial institution, make it equally appealing to thieves. Bitcoins are like cash in a wallet. Much easier to steal if you have access to the wallet, impossible to recover, and much less likely to be detected.”

What Sort of Trends Have You Been Seeing in Terms of the Prevalence of These Issues over the Past 12-18 Months?

“Last year was a record year for phishing in general and these cybercriminals are preying on the human factor with the hope that recipients won’t take the time to ensure an email message’s authenticity and instead will just click. They have established phishing templates and email lures that mimic online wallets like Blockchain.com and cryptocurrency exchanges like Poloniex. Bitcoin has been a very tempting target for theft because most underground services are paid using bitcoins and other altcoins, which means the threat actors are both savvy with cryptocurrencies and have more spending options.”

What Is the Attack Vector? In Other Words, Who and What Are Being Targeted (Users, Exchanges, etc.)?

“Anyone with a digital wallet or account on a cryptocurrency exchange could become a victim of these types of attacks. These attacks attempt to steal wallet IDs and credentials that allow actors to conduct fraudulent transactions with third parties or withdraw funds directly. Unfortunately, the anonymous nature of cryptocurrency transactions makes fraud even harder to detect.”

Predictions on What We Might See as These Attacks Continue to Progress?

“I predict we will continue to see phishing attacks targeting cryptocurrency wallets and services